geoserver · groldan · Aug 4, 2024 · Aug 3, 2024
diff --git a/.github/workflows/build-plugin.yaml b/.github/workflows/build-plugin.yaml
@@ -12,38 +12,47 @@ jobs:
     name: GeoServer dev version
     runs-on: ubuntu-latest
     timeout-minutes: 15
+    strategy:
+      matrix:
+        java-version: [ 11, 17, 21 ]
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-java@v2
       with:
         distribution: 'temurin'
-        java-version: '17'
+        java-version: ${{ matrix.java-version }}
         cache: 'maven'
     - run: |
         make plugin-test-gs-dev
   test-gs-stable-plugin:
     name: GeoServer stable version
     runs-on: ubuntu-latest
     timeout-minutes: 15
+    strategy:
+      matrix:
+        java-version: [ 11, 17, 21 ]
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-java@v2
       with:
         distribution: 'temurin'
-        java-version: '17'
+        java-version: ${{ matrix.java-version }}
         cache: 'maven'
     - run: |
         make plugin-test-gs-stable
   test-gs-maintenance-plugin:
     name: GeoServer maintenance version
     runs-on: ubuntu-latest
     timeout-minutes: 15
+    strategy:
+      matrix:
+        java-version: [ 11, 17, 21 ]
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-java@v2
       with:
         distribution: 'temurin'
-        java-version: '17'
+        java-version: ${{ matrix.java-version }}
         cache: 'maven'
     - run: |
         make plugin-test-gs-maintenance

diff --git a/Makefile b/Makefile
@@ -11,14 +11,17 @@ install:
 plugin:
 	./mvnw clean install -pl :gs-acl-client-plugin --also-make -ntp
 
+# plugin-test-* run with -Denforcer.skip for the CI build
+# to execute it with both Java 11 and 17, ensuring the plugin is compatible with
+# the minimum java version required by GeoServer
 plugin-test-gs-dev:
-	./mvnw -P gs_dev verify -pl :gs-acl-client-plugin -am -ntp
+	./mvnw -Denforcer.skip -P gs_dev verify -pl :gs-acl-client-plugin -am -ntp
 
 plugin-test-gs-stable:
-	./mvnw -P gs_stable verify -pl :gs-acl-client-plugin -am -ntp
+	./mvnw -Denforcer.skip -P gs_stable verify -pl :gs-acl-client-plugin -am -ntp
 
 plugin-test-gs-maintenance:
-	./mvnw -P gs_maintenance verify -pl :gs-acl-client-plugin -am -ntp
+	./mvnw -Denforcer.skip -P gs_maintenance verify -pl :gs-acl-client-plugin -am -ntp
 
 lint:
 	./mvnw sortpom:verify fmt:check -ntp

diff --git a/pom.xml b/pom.xml
@@ -354,7 +354,7 @@
         <plugin>
           <groupId>com.spotify.fmt</groupId>
           <artifactId>fmt-maven-plugin</artifactId>
-          <version>2.21.1</version>
+          <version>2.23</version>
           <configuration>
             <verbose>false</verbose>
             <filesNamePattern>.*\.java</filesNamePattern>

diff --git a/...cation/authorization-api/src/main/java/org/geoserver/acl/authorization/AccessSummary.java b/...cation/authorization-api/src/main/java/org/geoserver/acl/authorization/AccessSummary.java
@@ -4,6 +4,8 @@
  */
 package org.geoserver.acl.authorization;
 
+import static java.lang.String.format;
+
 import lombok.EqualsAndHashCode;
 import lombok.NonNull;
 
@@ -94,7 +96,7 @@ public Set<String> adminableWorkspaces() {
     @Override
     public String toString() {
         var values = new TreeMap<>(workspaceSummaries).values();
-        return "%s[%s]".formatted(getClass().getSimpleName(), values);
+        return format("%s[%s]", getClass().getSimpleName(), values);
     }
 
     public boolean hasAdminRightsToAnyWorkspace() {

diff --git a/...thorization-api/src/main/java/org/geoserver/acl/authorization/WorkspaceAccessSummary.java b/...thorization-api/src/main/java/org/geoserver/acl/authorization/WorkspaceAccessSummary.java
@@ -4,6 +4,8 @@
  */
 package org.geoserver.acl.authorization;
 
+import static java.lang.String.format;
+
 import lombok.Builder;
 import lombok.NonNull;
 import lombok.Value;
@@ -58,8 +60,9 @@ public class WorkspaceAccessSummary implements Comparable<WorkspaceAccessSummary
 
     @Override
     public String toString() {
-        return "[%s: admin: %s, allowed: %s, forbidden: %s]"
-                .formatted(workspace, adminAccess, allowed, forbidden);
+        return format(
+                "[%s: admin: %s, allowed: %s, forbidden: %s]",
+                workspace, adminAccess, allowed, forbidden);
     }
 
     public boolean canSeeLayer(String layerName) {

diff --git a/...rization-impl/src/main/java/org/geoserver/acl/authorization/AuthorizationServiceImpl.java b/...rization-impl/src/main/java/org/geoserver/acl/authorization/AuthorizationServiceImpl.java
@@ -20,6 +20,7 @@
 import static org.geoserver.acl.domain.rules.SpatialFilterType.CLIP;
 import static org.geoserver.acl.domain.rules.SpatialFilterType.INTERSECT;
 
+import static java.lang.String.format;
 import static java.util.Comparator.comparing;
 import static java.util.Comparator.naturalOrder;
 
@@ -97,7 +98,7 @@ private List<Rule> flatten(Map<String, List<Rule>> found) {
                 .flatMap(List::stream)
                 .sorted((r1, r2) -> Long.compare(r1.getPriority(), r2.getPriority()))
                 .distinct()
-                .toList();
+                .collect(Collectors.toList());
     }
 
     @Override
@@ -116,7 +117,8 @@ public AccessInfo getAccessInfo(@NonNull AccessRequest request) {
 
         if (null == ret) ret = AccessInfo.DENY_ALL;
 
-        List<String> matchingIds = flatten(groupedRules).stream().map(Rule::getId).toList();
+        List<String> matchingIds =
+                flatten(groupedRules).stream().map(Rule::getId).collect(Collectors.toList());
         ret = ret.withMatchingRules(matchingIds);
         log.debug("Request: {}, response: {}", request, ret);
         return ret;
@@ -147,7 +149,7 @@ public AccessSummary getUserAccessSummary(AccessSummaryRequest request) {
         List<WorkspaceAccessSummary> summaries =
                 workspaces.stream()
                         .map(ws -> conflateViewables(ws, wsAdminRules, wsRules))
-                        .toList();
+                        .collect(Collectors.toList());
 
         return AccessSummary.of(summaries);
     }
@@ -206,16 +208,21 @@ void conflateRules(WorkspaceAccessSummary.Builder builder, List<Rule> rules) {
                             String layer = r.getIdentifier().getLayer();
                             if (null == layer) layer = WorkspaceAccessSummary.ANY;
                             switch (access) {
-                                case ALLOW -> builder.addAllowed(layer);
-                                case DENY -> {
-                                    // only add forbidden layers if they're so for all services, to
-                                    // comply with the "somehow can see" motto of the summary
-                                    String service = r.getIdentifier().getService();
-                                    if (null == service) {
-                                        builder.addForbidden(layer);
+                                case ALLOW:
+                                    builder.addAllowed(layer);
+                                    break;
+                                case DENY:
+                                    {
+                                        // only add forbidden layers if they're so for all services,
+                                        // to comply with the "somehow can see" motto of the summary
+                                        String service = r.getIdentifier().getService();
+                                        if (null == service) {
+                                            builder.addForbidden(layer);
+                                        }
                                     }
-                                }
-                                default -> throw new IllegalArgumentException();
+                                    break;
+                                default:
+                                    throw new IllegalArgumentException();
                             }
                         });
     }
@@ -270,11 +277,11 @@ private <R> Function<R, String> workspaceMapper(Function<R, String> workspaceExt
 
     private <T> BinaryOperator<List<T>> mergeFunction() {
         return (l1, l2) -> {
-            if (l1 instanceof ArrayList<T>) {
+            if (l1 instanceof ArrayList) {
                 l1.addAll(l2);
                 return l1;
             }
-            if (l2 instanceof ArrayList<T>) {
+            if (l2 instanceof ArrayList) {
                 l2.addAll(l1);
                 return l2;
             }
@@ -364,7 +371,7 @@ private Geometry toJTS(org.geolatte.geom.Geometry<?> geom) {
 
     private String unionCQL(String c1, String c2) {
         if (c1 == null || c2 == null) return null;
-        return "(%s) OR (%s)".formatted(c1, c2);
+        return format("(%s) OR (%s)", c1, c2);
     }
 
     private Geometry unionGeometry(Geometry g1, Geometry g2) {
@@ -525,7 +532,7 @@ private Geometry intersect(List<RuleLimits> limits) {
                         .map(RuleLimits::getAllowedArea)
                         .filter(Objects::nonNull)
                         .map(this::toJTS)
-                        .toList();
+                        .collect(Collectors.toList());
         if (geoms.isEmpty()) return null;
         if (1 == geoms.size()) return geoms.get(0);
 
@@ -618,7 +625,8 @@ protected Map<String, List<Rule>> getMatchingRulesByRole(AccessRequest request)
                 filter = filter.clone();
                 filter.getRole().setType(SpecialFilterType.DEFAULT);
             }
-            List<Rule> found = ruleService.getAll(RuleQuery.of(filter)).toList();
+            List<Rule> found =
+                    ruleService.getAll(RuleQuery.of(filter)).collect(Collectors.toList());
             ret.put(null, found);
         } else {
             // used to be: for(role: finalRoleFilter) getRulesByRole(filter, role);,
@@ -641,7 +649,7 @@ protected Map<String, List<Rule>> getMatchingRulesByRole(AccessRequest request)
     private List<Rule> getRulesByRoleIncludeDefault(RuleFilter filter) {
         filter = filter.clone();
         filter.getRole().setIncludeDefault(true);
-        return ruleService.getAll(RuleQuery.of(filter)).toList();
+        return ruleService.getAll(RuleQuery.of(filter)).collect(Collectors.toList());
     }
 
     private boolean isAdminAuth(Optional<AdminRule> rule) {

diff --git a/...rization-impl/src/test/java/org/geoserver/acl/authorization/AuthorizationServiceTest.java b/...rization-impl/src/test/java/org/geoserver/acl/authorization/AuthorizationServiceTest.java
@@ -33,6 +33,7 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * {@link AuthorizationService} integration/conformance test
@@ -594,9 +595,12 @@ private void assertGetMatchingRules(
     private void assertMatchingRules(AccessRequest request, Integer... expectedPriorities) {
         List<Rule> rules = authorizationService.getMatchingRules(request);
 
-        List<Long> pri = rules.stream().map(r -> r.getPriority()).sorted().toList();
+        List<Long> pri =
+                rules.stream().map(r -> r.getPriority()).sorted().collect(Collectors.toList());
         List<Long> exp =
-                Arrays.asList(expectedPriorities).stream().map(i -> i.longValue()).toList();
+                Arrays.asList(expectedPriorities).stream()
+                        .map(i -> i.longValue())
+                        .collect(Collectors.toList());
         assertEquals(exp, pri, "Bad rule set selected for filter " + request);
     }
 

diff --git a/src/application/pom.xml b/src/application/pom.xml
@@ -18,4 +18,7 @@
     <module>authorization-api</module>
     <module>authorization-impl</module>
   </modules>
+  <properties>
+    <java.version>11</java.version>
+  </properties>
 </project>
diff --git a/.../org/geoserver/acl/autoconfigure/security/PreAuthenticationSecurityAutoConfiguration.java b/.../org/geoserver/acl/autoconfigure/security/PreAuthenticationSecurityAutoConfiguration.java
@@ -41,7 +41,7 @@ RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter(
         String rolesHeader = config.getHeaders().getRolesHeader();
         if (!StringUtils.hasText(userHeader) || !StringUtils.hasText(rolesHeader)) {
             throw new IllegalStateException(
-                    """
+                            """
                     Both user and roles header names must be provided, got \
                     geoserver.acl.security.headers.userHeader: %s, \
                     geoserver.acl.security.headers.rolesHeader: %s

diff --git a/src/domain/pom.xml b/src/domain/pom.xml
@@ -20,4 +20,7 @@
     <module>rule-management</module>
     <module>adminrule-management</module>
   </modules>
+  <properties>
+    <java.version>11</java.version>
+  </properties>
 </project>
diff --git a/...in/rule-management/src/main/java/org/geoserver/acl/domain/rules/RuleAdminServiceImpl.java b/...in/rule-management/src/main/java/org/geoserver/acl/domain/rules/RuleAdminServiceImpl.java
@@ -18,6 +18,7 @@
 import java.util.Optional;
 import java.util.Set;
 import java.util.function.Consumer;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 /**
@@ -186,7 +187,7 @@ public Stream<Rule> getAll(@NonNull RuleQuery<RuleFilter> query) {
     @Override
     public Optional<Rule> getRule(@NonNull RuleFilter filter) throws IllegalArgumentException {
         RuleQuery<RuleFilter> query = RuleQuery.of(filter).setLimit(2);
-        List<Rule> found = ruleRepository.findAll(query).toList();
+        List<Rule> found = ruleRepository.findAll(query).collect(Collectors.toList());
         if (found.size() > 1) {
             throw new IllegalArgumentException(
                     "Unexpected rule count for filter " + filter + " : " + found.size());

diff --git a/src/domain/rule-management/src/main/java/org/geoserver/acl/domain/rules/RuleEvent.java b/src/domain/rule-management/src/main/java/org/geoserver/acl/domain/rules/RuleEvent.java
@@ -4,6 +4,8 @@
  */
 package org.geoserver.acl.domain.rules;
 
+import static java.lang.String.format;
+
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
 import lombok.Data;
@@ -48,6 +50,6 @@ public static RuleEvent deleted(@NonNull String... ids) {
 
     @Override
     public String toString() {
-        return "%s%s".formatted(eventType, ruleIds);
+        return format("%s%s", eventType, ruleIds);
     }
 }
diff --git a/...ule-management/src/test/java/org/geoserver/acl/domain/rules/MemoryPriorityRepository.java b/...ule-management/src/test/java/org/geoserver/acl/domain/rules/MemoryPriorityRepository.java
@@ -11,6 +11,7 @@
 import java.util.Optional;
 import java.util.SortedSet;
 import java.util.TreeSet;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 public abstract class MemoryPriorityRepository<R> {
@@ -72,7 +73,7 @@ protected int shiftPrioritiesBetween(long min, long max, long offset) {
                                     long p = getPriority(r);
                                     return p >= min && p <= max;
                                 })
-                        .toList();
+                        .collect(Collectors.toList());
 
         rules.removeAll(matches);
         matches.forEach(

diff --git a/...main/rule-management/src/test/java/org/geoserver/acl/domain/rules/RuleAdminServiceIT.java b/...main/rule-management/src/test/java/org/geoserver/acl/domain/rules/RuleAdminServiceIT.java
@@ -27,6 +27,7 @@
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
+import java.util.stream.Collectors;
 import java.util.stream.IntStream;
 
 public class RuleAdminServiceIT {
@@ -255,7 +256,7 @@ void testGetAll() {
         ruleAdminService.setLayerDetails(r2.getId(), details2);
 
         List<Rule> expected = List.of(r1, r2);
-        List<Rule> actual = ruleAdminService.getAll().toList();
+        List<Rule> actual = ruleAdminService.getAll().collect(Collectors.toList());
         assertThat(actual).isEqualTo(expected);
     }
 
@@ -278,7 +279,7 @@ void testGetAll_and_GetList_paginated() {
         String nextCursorId = null;
         for (int page = 0; page < maxPages; page++) {
             query.setNextId(nextCursorId);
-            List<Rule> result = ruleAdminService.getAll(query).toList();
+            List<Rule> result = ruleAdminService.getAll(query).collect(Collectors.toList());
             if (result.size() > pageSize) {
                 assertThat(result.size()).isEqualTo(1 + pageSize);
                 nextCursorId = result.get(pageSize).getId();
@@ -608,7 +609,7 @@ void testUpdateRuleById_shifts_other_priorities_if_needed() {
         r1 = r1.withPriority(4);
         r4 = r4.withPriority(5);
         assertThat(ruleAdminService.update(r3)).isEqualTo(r3);
-        List<Rule> collect = ruleAdminService.getAll().toList();
+        List<Rule> collect = ruleAdminService.getAll().collect(Collectors.toList());
 
         assertGet(r2).as("r2 should have kept priority 2").isEqualTo(r2);
 
@@ -689,11 +690,9 @@ void testShiftRulesByPriority() {
     }
 
     private void assertPriorities(List<Rule> expectedOrder, List<Integer> expectedPriorities) {
-        assertThat(expectedOrder.size())
-                .as("mismatch in expectations")
-                .isEqualTo(expectedPriorities.size());
-        List<Rule> all = ruleAdminService.getAll().toList();
-        assertThat(all.size()).isEqualTo(expectedPriorities.size());
+        assertThat(expectedOrder).as("mismatch in expectations").hasSize(expectedPriorities.size());
+        List<Rule> all = ruleAdminService.getAll().collect(Collectors.toList());
+        assertThat(all).hasSize(expectedPriorities.size());
 
         for (int i = 0; i < expectedOrder.size(); i++) {
             int p = expectedPriorities.get(i);